Penetration Testing mailing list archives

[PEN-TEST] IE Cookie Crypt-Analysis - Good or Bad

From: "Ruso, Anthony" <aruso () POSITRON QC CA>
Date: Mon, 18 Dec 2000 16:44:06 -0500

Hi All,

        What are common methods used in decrypting/encrypting cookies. Would
many of you trust the use of cookies to store - lets say - passwords and
personal information. I'm trying to extract passwords from a clients website
through the use of cookies. They used to store website passwords in clear
text. I managed to convince them to encrypt them but how can I test their
encryption choice and methods. My crypt-analysis experience is very basic.
Any feedback would be greatly appreciated.

Thanks

Current thread:

[PEN-TEST] IE Cookie Crypt-Analysis - Good or Bad Ruso, Anthony (Dec 18)
- Re: [PEN-TEST] IE Cookie Crypt-Analysis - Good or Bad Mark Curphey (Dec 18)
- Re: [PEN-TEST] IE Cookie Crypt-Analysis - Good or Bad Ryan Russell (Dec 19)
- Re: [PEN-TEST] IE Cookie Crypt-Analysis - Good or Bad Thomas Reinke (Dec 19)
- <Possible follow-ups>
- Re: [PEN-TEST] IE Cookie Crypt-Analysis - Good or Bad Chris Keladis (Dec 18)
- Re: [PEN-TEST] IE Cookie Crypt-Analysis - Good or Bad Fricke, Gregory D. (Dec 19)
- Re: [PEN-TEST] IE Cookie Crypt-Analysis - Good or Bad Ng, Kenneth (US) (Dec 19)